Simplify key related functions in tz-backend

- Use proper parameter for tag length
- Move default param values to TrustZoneContext where possible
- Remove unnecessary arguments

Change-Id: I00f8909ede4f80b77a937b52a5bce5698d4516a5

diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index bfb78d7..d2753bc 100644 (file)
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -73,7 +73,7 @@ tz_algo_type getAlgType(KeyType keyType)
 RawBuffer generateIV()
 {
        RawBuffer result;
-       TrustZoneContext::Instance().generateIV(Params::DEFAULT_AES_IV_LEN, result);
+       TrustZoneContext::Instance().generateIV(result);
        return result;
 }
 
@@ -96,7 +96,6 @@ Data generateSKey(const CryptoAlgorithm &alg,
                RawBuffer pwdBuf(pwd.begin(), pwd.end());
                TrustZoneContext::Instance().generateSKeyPwd(getGenKeyType(keyType),
                                                                                                        pwdBuf, iv, keyBits,
-                                                                                                       Params::DEFAULT_AES_GCM_TAG_LEN_BITS,
                                                                                                        keyData.data, tag);
        } else {
                TrustZoneContext::Instance().generateSKey(getGenKeyType(keyType), keyBits,
@@ -128,13 +127,10 @@ RawBuffer importKey(const Data &data,
        RawBuffer result;
 
        RawBuffer pwdBuf(pwd.begin(), pwd.end());
-       uint32_t keySizeBits = data.data.size() * 8;
        TrustZoneContext::Instance().importKey(algo,
                                                                                data.data,
                                                                                pwdBuf,
                                                                                iv,
-                                                                               keySizeBits,
-                                                                               Params::DERIVED_KEY_LENGTH_BITS,
                                                                                result,
                                                                                tag);
        return result;

diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp
index 7a59fbe..e088163 100644 (file)
--- a/src/manager/crypto/tz-backend/tz-context.cpp
+++ b/src/manager/crypto/tz-backend/tz-context.cpp
@@ -68,7 +68,7 @@ TrustZoneContext& TrustZoneContext::Instance()
        return instance;
 }
 
-void TrustZoneContext::generateIV(uint32_t ivSize, RawBuffer& iv)
+void TrustZoneContext::generateIV(RawBuffer& iv)
 {
        // command ID = CMD_GENERATE_IV
        //
@@ -81,6 +81,7 @@ void TrustZoneContext::generateIV(uint32_t ivSize, RawBuffer& iv)
 
        // IV generation is a simple call - no need to serialize data
        // just provide the output buffer with size equal to iv.
+       uint32_t ivSize = Params::DEFAULT_AES_IV_LEN;
        TrustZoneMemory ivMemory(m_Context, ivSize, TEEC_MEM_OUTPUT);
 
        TEEC_Operation op;
@@ -150,7 +151,6 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo,
                                                                        const RawBuffer &pwd,
                                                                        const RawBuffer &iv,
                                                                        const uint32_t keySizeBits,
-                                                                       const uint32_t pwdTagSizeBits,
                                                                        RawBuffer &keyId,
                                                                        RawBuffer &pwdTag)
 {
@@ -176,7 +176,7 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo,
 
        memset(&bufSize, 0, sizeof(KM_BufferSizeDesc));
        bufSize.out_size = KM_KEY_ID_SIZE;
-       bufSize.tag_size = pwdTagSizeBits / 8;
+       bufSize.tag_size = Params::DEFAULT_AES_GCM_TAG_LEN_BYTES;
        uint32_t keyMemorySize = KM_CalcBufferSize(bufSize);
        TrustZoneMemory keyMemory(m_Context, keyMemorySize, TEEC_MEM_OUTPUT);
 
@@ -188,7 +188,7 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo,
 
        ret = KM_ParamsSerializePwdData(input, pwd.data(), pwd.size(), iv.data(), iv.size(),
                                                                        nullptr, 0, Params::DERIVED_KEY_LENGTH_BITS,
-                                                                       Params::DERIVED_KEY_ITERATIONS, pwdTagSizeBits);
+                                                                       Params::DERIVED_KEY_ITERATIONS, bufSize.tag_size * 8);
        if (ret) {
                ThrowErr(Exc::Crypto::InternalError, "Failed to serialize password data for TZ crypto operation: ", ret);
        }
@@ -244,8 +244,6 @@ void TrustZoneContext::importKey(tz_algo_type algo,
                                                                const RawBuffer &key,
                                                                const RawBuffer &pwd,
                                                                const RawBuffer &iv,
-                                                               const uint32_t keySizeBits,
-                                                               const uint32_t pwdTagSizeBits,
                                                                RawBuffer &keyId,
                                                                RawBuffer &pwdTag)
 {
@@ -274,7 +272,7 @@ void TrustZoneContext::importKey(tz_algo_type algo,
 
        memset(&bufSize, 0, sizeof(KM_BufferSizeDesc));
        bufSize.out_size = KM_KEY_ID_SIZE;
-       bufSize.tag_size = pwdTagSizeBits / 8;
+       bufSize.tag_size = Params::DEFAULT_AES_GCM_TAG_LEN_BYTES;
        uint32_t keyMemorySize = KM_CalcBufferSize(bufSize);
        TrustZoneMemory keyMemory(m_Context, keyMemorySize, TEEC_MEM_OUTPUT);
 
@@ -292,7 +290,7 @@ void TrustZoneContext::importKey(tz_algo_type algo,
        if (!pwd.empty()) {
                ret = KM_ParamsSerializePwdData(input, pwd.data(), pwd.size(), iv.data(), iv.size(),
                                                                                nullptr, 0, Params::DERIVED_KEY_LENGTH_BITS,
-                                                                               Params::DERIVED_KEY_ITERATIONS, pwdTagSizeBits);
+                                                                               Params::DERIVED_KEY_ITERATIONS, bufSize.tag_size * 8);
                if (ret) {
                        ThrowErr(Exc::Crypto::InternalError, "Failed to serialize key data for import: ", ret);
                }
@@ -302,7 +300,7 @@ void TrustZoneContext::importKey(tz_algo_type algo,
        op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
                                                                        TEEC_MEMREF_WHOLE, TEEC_NONE);
        op.params[0].value.a = algo;
-       op.params[0].value.b = keySizeBits;
+       op.params[0].value.b = key.size() * 8;
        op.params[1].memref.parent = inMemory.Get();
        op.params[1].memref.offset = 0;
        op.params[1].memref.size = inMemory.Get()->size;
@@ -332,19 +330,18 @@ void TrustZoneContext::importKey(tz_algo_type algo,
 
        if (!pwd.empty()) {
                KM_TagData* tagData = nullptr;
-               uint32_t pwdTagSizeBytes = pwdTagSizeBits / 8;
 
                ret = KM_ParamsDeserializeTagData(output, &tagData);
                if (ret) {
                        ThrowErr(Exc::Crypto::InternalError, "Failed to deserialize imported key's tag");
                }
 
-               if (tagData == nullptr || tagData->data_size != pwdTagSizeBytes) {
+               if (tagData == nullptr || tagData->data_size != bufSize.tag_size) {
                        ThrowErr(Exc::Crypto::InternalError, "Deserialized incorrect key tag");
                }
 
-               pwdTag.resize(pwdTagSizeBytes);
-               memcpy(pwdTag.data(), tagData->data, pwdTagSizeBytes);
+               pwdTag.resize(bufSize.tag_size);
+               memcpy(pwdTag.data(), tagData->data, bufSize.tag_size);
        }
 }
 

diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h
index 44ad38c..86fe08b 100644 (file)
--- a/src/manager/crypto/tz-backend/tz-context.h
+++ b/src/manager/crypto/tz-backend/tz-context.h
@@ -37,7 +37,7 @@ class TrustZoneContext final
 public:
        static TrustZoneContext& Instance();
 
-       void generateIV(uint32_t ivSize, RawBuffer &iv);
+       void generateIV(RawBuffer &iv);
        void generateSKey(tz_algo_type algo,
                                        uint32_t keySizeBits,
                                        RawBuffer &keyId);
@@ -45,15 +45,12 @@ public:
                                                const RawBuffer &pwd,
                                                const RawBuffer &iv,
                                                const uint32_t pwdKeySizeBits,
-                                               const uint32_t pwdTagSizeBits,
                                                RawBuffer &keyId,
                                                RawBuffer &pwdTag);
        void importKey(tz_algo_type algo,
                                        const RawBuffer &key,
                                        const RawBuffer &pwd,
                                        const RawBuffer &iv,
-                                       const uint32_t keySizeBits,
-                                       const uint32_t pwdTagSizeBits,
                                        RawBuffer &keyId,
                                        RawBuffer &pwdTag);